Skip to content

Add user SSH keys as agenix recipients on dev machines #160

Description

@etrobert-bot

Add Étienne's personal SSH public keys (one per dev machine: aaron, tower, leod) as agenix recipients so secrets can be decrypted without sudo.

Context: Currently only machine host keys are recipients in secrets/secrets.nix. Adding user keys is a standard agenix pattern — machine keys handle deployment, user keys handle dev/editing workflows. This also allows Claude Code agents to decrypt secrets without needing sudo.

Steps:

  1. Collect ~/.ssh/id_ed25519.pub from each dev machine (aaron, tower, leod)
  2. Add to secrets/secrets.nix as softAaron / softTower / softLeod, grouped into allSoftKeys
  3. Add allSoftKeys to recipients of dev-facing secrets: github-bot-token, openai-api-key, gemini-api-key — skip system secrets (wifi passwords, soft-password, tailscale-authkey)
  4. Re-encrypt affected secrets with agenix -r

Originally tracked in #123.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions